[asterisk-bugs] [JIRA] (ASTERISK-28454) res_fax.c UTF-8 validation for remotestationid and pbx_builtin_setvar_helper

Jodi Jones (JIRA) noreply at issues.asterisk.org
Wed Jun 19 16:25:47 CDT 2019


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jodi Jones updated ASTERISK-28454:
----------------------------------

    Description: 
A UTF-8 validation needs to be added to https://github.com/asterisk/asterisk/blob/master/res/res_fax.c#L1450, invalid utf-8 causes a segfault via json 

IE

{code}
# 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
# 1: /usr/sbin/asterisk(ast_channel_publish_varset+0x2b) [0x57dd2b]
# 2: /usr/sbin/asterisk(pbx_builtin_setvar_helper+0x123) [0x533f13]
# 3: /usr/lib/asterisk/modules/res_fax.so(+0x3de2) [0x7fdfe67a2de2]
# 4: /usr/lib/asterisk/modules/res_fax.so(+0x95a7) [0x7fdfe67a85a7]
# 5: /usr/lib/asterisk/modules/res_fax.so(+0x10df5) [0x7fdfe67afdf5]
# 6: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
# 7: /usr/sbin/asterisk() [0x51e6d5]
# 8: /usr/sbin/asterisk() [0x520744]
# 9: /usr/sbin/asterisk() [0x521ccb]
#10: /usr/sbin/asterisk() [0x59e179]
#11: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
#12: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]

[Jun 10 17:08:51] ERROR[12545][C-00000002] stasis_channels.c: Error creating message
[Jun 10 17:08:51] ERROR[12545][C-00000002] json.c: Error building JSON from '{s: s, s: s, s: s, s: s, s: s, s: s, s: o}': Invalid UTF-8 string.
[Jun 10 17:08:51] ERROR[12545][C-00000002] : Got 10 backtrace records
# 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
# 1: /usr/lib/asterisk/modules/res_fax.so(+0x50c8) [0x7fdfe67a40c8]
# 2: /usr/lib/asterisk/modules/res_fax.so(+0x10e4a) [0x7fdfe67afe4a]
# 3: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
# 4: /usr/sbin/asterisk() [0x51e6d5]
# 5: /usr/sbin/asterisk() [0x520744]
# 6: /usr/sbin/asterisk() [0x521ccb]
# 7: /usr/sbin/asterisk() [0x59e179]
# 8: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
# 9: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]
{code}

Here is the character in question from the FAXOPT

{code}
[Jun 10 17:08:51] VERBOSE[12545][C-00000002] pbx.c: Executing [h at fax-rx:9] NoOp("SIP/VIBE-XC5-XS1-00000001", "FAXOPT(remotestationid) : ▒▒▒▒ ") in new stack
{code}

Validated segfault goes away by  not referencing *details->remotestationid* and using a static string in the function *set_channel_variables* from *res_fax.c*.

Band-aid solution for our production environment (i understand this is not a proper fix)

{code}
        //pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR(details->remotestationid, NULL));
        pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR("utf8_bypass", NULL));
{code}

We were getting several segfaults an hour when receiving fax's with dodgy remote station id's... we haven't had a single segfault since applying this work around.

  was:
A UTF-8 validation needs to be added to https://github.com/asterisk/asterisk/blob/master/res/res_fax.c#L1450, invalid utf-8 causes a segfault via json 

IE

{code}
# 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
# 1: /usr/sbin/asterisk(ast_channel_publish_varset+0x2b) [0x57dd2b]
# 2: /usr/sbin/asterisk(pbx_builtin_setvar_helper+0x123) [0x533f13]
# 3: /usr/lib/asterisk/modules/res_fax.so(+0x3de2) [0x7fdfe67a2de2]
# 4: /usr/lib/asterisk/modules/res_fax.so(+0x95a7) [0x7fdfe67a85a7]
# 5: /usr/lib/asterisk/modules/res_fax.so(+0x10df5) [0x7fdfe67afdf5]
# 6: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
# 7: /usr/sbin/asterisk() [0x51e6d5]
# 8: /usr/sbin/asterisk() [0x520744]
# 9: /usr/sbin/asterisk() [0x521ccb]
#10: /usr/sbin/asterisk() [0x59e179]
#11: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
#12: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]

[Jun 10 17:08:51] ERROR[12545][C-00000002] stasis_channels.c: Error creating message
[Jun 10 17:08:51] ERROR[12545][C-00000002] json.c: Error building JSON from '{s: s, s: s, s: s, s: s, s: s, s: s, s: o}': Invalid UTF-8 string.
[Jun 10 17:08:51] ERROR[12545][C-00000002] : Got 10 backtrace records
# 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
# 1: /usr/lib/asterisk/modules/res_fax.so(+0x50c8) [0x7fdfe67a40c8]
# 2: /usr/lib/asterisk/modules/res_fax.so(+0x10e4a) [0x7fdfe67afe4a]
# 3: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
# 4: /usr/sbin/asterisk() [0x51e6d5]
# 5: /usr/sbin/asterisk() [0x520744]
# 6: /usr/sbin/asterisk() [0x521ccb]
# 7: /usr/sbin/asterisk() [0x59e179]
# 8: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
# 9: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]
{code}

Here is the character in question from the FAXOPT

{code}
[Jun 10 17:08:51] VERBOSE[12545][C-00000002] pbx.c: Executing [h at fax-rx:9] NoOp("SIP/VIBE-XC5-XS1-00000001", "FAXOPT(remotestationid) : ▒▒▒▒ ") in new stack
{code}

Validated segfault goes away by  not referencing `details->remotestationid` and using a static string in the function `set_channel_variables` of res_fax.c.

Band-aid solution for our production environment (i understand this is not a proper fix)

{code}
        //pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR(details->remotestationid, NULL));
        pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR("utf8_bypass", NULL));
{code}

We were getting several segfaults an hour when receiving fax's with dodgy remote station id's... we haven't had a single segfault since applying this work around.


> res_fax.c UTF-8 validation for remotestationid and pbx_builtin_setvar_helper
> ----------------------------------------------------------------------------
>
>                 Key: ASTERISK-28454
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28454
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_fax
>    Affects Versions: 16.4.0
>         Environment: Linux
>            Reporter: Jodi Jones
>              Labels: fax
>
> A UTF-8 validation needs to be added to https://github.com/asterisk/asterisk/blob/master/res/res_fax.c#L1450, invalid utf-8 causes a segfault via json 
> IE
> {code}
> # 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
> # 1: /usr/sbin/asterisk(ast_channel_publish_varset+0x2b) [0x57dd2b]
> # 2: /usr/sbin/asterisk(pbx_builtin_setvar_helper+0x123) [0x533f13]
> # 3: /usr/lib/asterisk/modules/res_fax.so(+0x3de2) [0x7fdfe67a2de2]
> # 4: /usr/lib/asterisk/modules/res_fax.so(+0x95a7) [0x7fdfe67a85a7]
> # 5: /usr/lib/asterisk/modules/res_fax.so(+0x10df5) [0x7fdfe67afdf5]
> # 6: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
> # 7: /usr/sbin/asterisk() [0x51e6d5]
> # 8: /usr/sbin/asterisk() [0x520744]
> # 9: /usr/sbin/asterisk() [0x521ccb]
> #10: /usr/sbin/asterisk() [0x59e179]
> #11: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
> #12: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]
> [Jun 10 17:08:51] ERROR[12545][C-00000002] stasis_channels.c: Error creating message
> [Jun 10 17:08:51] ERROR[12545][C-00000002] json.c: Error building JSON from '{s: s, s: s, s: s, s: s, s: s, s: s, s: o}': Invalid UTF-8 string.
> [Jun 10 17:08:51] ERROR[12545][C-00000002] : Got 10 backtrace records
> # 0: /usr/sbin/asterisk(ast_json_pack+0x94) [0x4f77f4]
> # 1: /usr/lib/asterisk/modules/res_fax.so(+0x50c8) [0x7fdfe67a40c8]
> # 2: /usr/lib/asterisk/modules/res_fax.so(+0x10e4a) [0x7fdfe67afe4a]
> # 3: /usr/sbin/asterisk(pbx_exec+0xb9) [0x52ad09]
> # 4: /usr/sbin/asterisk() [0x51e6d5]
> # 5: /usr/sbin/asterisk() [0x520744]
> # 6: /usr/sbin/asterisk() [0x521ccb]
> # 7: /usr/sbin/asterisk() [0x59e179]
> # 8: /lib64/libpthread.so.0(+0x7dd5) [0x7fe037454dd5]
> # 9: /lib64/libc.so.6(clone+0x6d) [0x7fe0364f4ead]
> {code}
> Here is the character in question from the FAXOPT
> {code}
> [Jun 10 17:08:51] VERBOSE[12545][C-00000002] pbx.c: Executing [h at fax-rx:9] NoOp("SIP/VIBE-XC5-XS1-00000001", "FAXOPT(remotestationid) : ▒▒▒▒ ") in new stack
> {code}
> Validated segfault goes away by  not referencing *details->remotestationid* and using a static string in the function *set_channel_variables* from *res_fax.c*.
> Band-aid solution for our production environment (i understand this is not a proper fix)
> {code}
>         //pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR(details->remotestationid, NULL));
>         pbx_builtin_setvar_helper(chan, "REMOTESTATIONID", S_OR("utf8_bypass", NULL));
> {code}
> We were getting several segfaults an hour when receiving fax's with dodgy remote station id's... we haven't had a single segfault since applying this work around.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list